MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb
SHA3-384 hash:	11904d1af7402ea805f9219b953fb5a1869a80442228e0ffc3aefd374593ad5076cc726178b9694569cad8dc76fd8e08
SHA1 hash:	1a20c6dac05a6c7677d33abfa46002ed7bcdacb5
MD5 hash:	e5914abc71dc8a4e9d2892e7db17dfe6
humanhash:	romeo-artist-lithium-neptune
File name:	aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb.bin
Download:	download sample
File size:	349'184 bytes
First seen:	2026-04-12 15:17:54 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9b760feffec4fca9c313889f9a05ee36 (1 x CobaltStrike)
ssdeep	6144:JVOsAEDARgvMPqq/suj0IXMOe+u+dxRZDayC6w0aOyg/OI5NAHEMNxgJa2GmxKDs:H+EDAcMiqUu4Ij1LLw07/nwPgJawis
TLSH	T11774233C53211776DAB159790049EC8F59C62F9222CF9EA7E9E00F5EEA3FE95021D063
TrID	33.1% (.EXE) Win64 Executable (generic) (6522/11/2) 25.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 10.4% (.ICL) Windows Icons Library (generic) (2059/9) 10.3% (.EXE) OS/2 Executable (generic) (2029/13) 10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	KodaDr
Tags:	exe Loader RAT STX

KodaDr

#STX RAT #Loader
https://www.esentire.com/blog/stx-rat-a-new-rat-in-2026-with-infostealer-capabilities

Intelligence

File Origin

# of uploads :

# of downloads :

114

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb.bin

Verdict:

No threats detected

Analysis date:

2026-04-12 15:21:06 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/64f092b7-6165-4785-9cae-454934349a75

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/61241/

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69dbb7c045787c53e53911f2

Tags:

virus

Result

Verdict:

Clean

Maliciousness:

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

exploit masquerade microsoft_visual_cc packed

Link:

https://www.filescan.io/uploads/69dbb7bec33dc5a985d74033/reports/d1a2a120-8c0d-4cb2-98ca-3bf9fa266ea0/overview

Verdict:

Malicious

Labled as:

Win64/Kryptik_AGeneric.TM trojan

Link:

https://www.hybrid-analysis.com/sample/aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb

Verdict:

Malicious

File Type:

dll x64

First seen:

2026-02-23T15:05:00Z UTC

Last seen:

2026-04-13T07:18:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d8faaa83-4908-471d-8aef-9c6c03068cf1

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/e5914abc71dc8a4e9d2892e7db17dfe6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb/

Threat name:

Win64.Trojan.StxRat

Status:

Malicious

First seen:

2026-03-06 00:48:31 UTC

File Type:

PE+ (Dll)

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vky7dpn2ocb2exl4qqonfxbvrdga6pri4kjgbpvfyl6vwazws75q._file

Verdict:

malicious

Label(s):

stxrat

stxrat_loader

Similar samples:

error

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260412-stvpfaax6t/

Unpacked files

SH256 hash:

aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb

MD5 hash:

e5914abc71dc8a4e9d2892e7db17dfe6

SHA1 hash:

1a20c6dac05a6c7677d33abfa46002ed7bcdacb5

Link:

https://www.unpac.me/results/1a5f250c-f01f-44b5-b9e5-15a0895c9210/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.14

Link:

https://yomi.yoroi.company/submissions/aab1f1bdba7083a25d7c841cd2dc3588cc0f3e28e29260bea5c2fd5b033697fb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/61241/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample